On Thu, Dec 18, 2008, Victor Duchovni wrote:

> On Fri, Dec 19, 2008 at 12:32:48AM +0100, Dr. Stephen Henson wrote:
>
> > > The OPENSSL_config() function is designed to be a very simple
> > > "call it and forget it" function. As a result its behaviour is
> > > somewhat limited. It ignores all errors silently and it can only
> > > load from the standard configuration file location for example.
> > >
> > > Was the documentation wrong all along, or does FIPS force a change in
> > > the documented semantics of existing APIs?
> > >
> >
> > The documentation is incomplete. Some errors such as a missing configuration
> > file are ignored.
> >
> > An error when running a configuration module will cause the application to
> > exit. This can be caused by a malformed configuration file or an error which
> > occurs when an API call is made. An example of that would be a failed
> > FIPS_mode_set().
>
> If OPENSSL_config() calls exit() on error, Postfix must not use
> OPENSSL_config(). Is the CONF_modules_load_file() interface safe in this
> respect (will return errors, not exit)?
>

OPENSSL_config() has that behaviour because it has no idea what the
application considers appropriate under those circumstances. Generally that
won't happen unless something bad(tm) has happened.

CONF_modules_load_file() just returns error codes and will never exit an
application. Indeed OPENSSL_config() calls that, see crypto/conf/conf_sap.c

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org